refactor: Remove librenms, add ansible/salt clients

- Remove all librenms references from initializers and configuration
- Keep tailscale as requested (remove netbird plans)
- Add ansible-core (already present) and salt-minion packages
- Create salt-client initializer for minion configuration
- Update roles to replace librenms-agent with salt-client
- Simplify oam initializer to only handle up2date script
- Update README to reflect new architecture and tools

Prepares infrastructure for migration to Salt configuration management
while maintaining tailscale for VPN connectivity.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>

initializers/security-hardening/apply

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# KNEL Security Hardening Module
+# Implements SCAP/STIG security compliance
+
+set -euo pipefail
+
+echo "Running security hardening module..."
+
+# Enable auditd
+systemctl --now enable auditd
+
+# Configure sysctl security parameters
+if [[ -f ./configs/sysctl-hardening.conf ]]; then
+    cp ./configs/sysctl-hardening.conf /etc/sysctl.d/99-security-hardening.conf
+    sysctl -p /etc/sysctl.d/99-security-hardening.conf
+fi
+
+# Configure core dumps
+if [[ -f ./configs/security-limits.conf ]]; then
+    cp ./configs/security-limits.conf /etc/security/limits.d/security-lening.conf
+fi
+
+# Set file permissions
+chmod 644 /etc/passwd
+chmod 600 /etc/shadow
+chmod 644 /etc/group
+chmod 600 /etc/gshadow
+
+# Remove dangerous packages
+DEBIAN_FRONTEND="noninteractive" apt-get -y purge \
+    telnetd \
+    rsh-server \
+    rsh-client \
+    telnet \
+    || true
+
+# Install security tools
+DEBIAN_FRONTEND="noninteractive" apt-get -y install \
+    aide \
+    lynis \
+    chkrootkit \
+    rkhunter \
+    || true
+
+# Initialize AIDE database
+if [[ ! -f /var/lib/aide/aide.db ]]; then
+    aideinit
+fi
+
+echo "Security hardening module completed"